SugarSync

Appsv1

Author: Andrew Rathbun

description

SugarSync

paths

3 paths

AppsSugarSync Log File

C:\Users\%user%\AppData\Local\SugarSync\sc1.log

Locates a log file the gives a play-by-play of what the user synced when.

AppsSugarSync - Shared Folders (Default Location)

C:\Users\%user%\Documents\SugarSync Shared Folders\

AppsSugarSync - My SugarSync (Default Location)

C:\Users\%user%\Documents\My SugarSync\

› paths use Windows environment syntax

collection commands

source:

destination:

# PowerShell Artifact Collection Script
# Target: SugarSync
# Run as Administrator

#Requires -RunAsAdministrator

$ErrorActionPreference = "SilentlyContinue"
$DestBase = "D:\Evidence"

# Function to handle directory creation and copying
function Collect-Artifact {
    param (
        [string]$SourcePath,
        [string]$FolderName
    )
    $FullDest = Join-Path -Path $DestBase -ChildPath $FolderName
    if (-not (Test-Path -Path $FullDest)) {
        New-Item -ItemType Directory -Path $FullDest -Force | Out-Null
    }
    Copy-Item -Path $SourcePath -Destination $FullDest -Recurse -Force
}

# 1. SugarSync Log File
$UserPath = Join-Path $env:USERPROFILE "AppData\Local\SugarSync\"
Collect-Artifact -SourcePath "$UserPath\sc1.log" -FolderName "SugarSync_Log_File"

# 2. SugarSync - Shared Folders (Default Location)
$UserPath = Join-Path $env:USERPROFILE "Documents\SugarSync Shared Folders\"
Collect-Artifact -SourcePath "$UserPath\*" -FolderName "SugarSync___Shared_Folders__Default_Location_"

# 3. SugarSync - My SugarSync (Default Location)
$UserPath = Join-Path $env:USERPROFILE "Documents\My SugarSync\"
Collect-Artifact -SourcePath "$UserPath\*" -FolderName "SugarSync___My_SugarSync__Default_Location_"

Write-Host "Collection complete!" -ForegroundColor Green

› Save as .ps1 and run as Administrator. Use: powershell -ExecutionPolicy Bypass -File script.ps1